What is the use of having a chroot path during installation
MURTARI, JOHN
jm5903 at att.com
Thu Jan 14 12:56:37 UTC 2016
-----Original Message-----
From: Harshith Mulky <harshith.mulky at outlook.com>
To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
Subject: What is the use of having a chroot path during installation of Bind
When installing bind, the following 2 are installed
bind-9.8.2-0.17.rc1.el6.x86_64
bind-chroot-9.8.2-0.17.rc1.el6.x86_64
What is the need of this bind-chroot?
I see all files in /var/named path are softlinks to /var/named/chroot/var/named
and
/etc/named.conf is softlink to /var/named/chroot/etc/named.conf
What is this chroot binding? And why is this chroot Binding Required?
Can the named server function without this chroot Binding?
Thanks
Harshith
---------------------------------
I'm assuming you installed this on a Red Hat-type system. The chroot package
sets up BIND to run in a chroot environment where the new filesystem root
is /var/named/chroot.
It's not 'required' -- but considered by many a good security practice in case
a vulnerability is found that allows the hacker to use named to examine/change
your filesystem -- with chroot active they would be very limited.
The server can function just fine in a non-chroot environment, BUT -- if you've
already installed the RPMs and named is starting fine and servicing requests,
you may just want to leave it alone. Removing the chroot package can sometimes
cause problems where old symlinks remain and things get very confusing.
Hope this helps.
Best regards!
John Murtari
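
The leftover-symlink problem mentioned in the reply above can be checked mechanically. The following is an added example, not part of the original thread or of BIND's packaging; the function names are hypothetical, and it assumes the links use absolute targets, as in the paths quoted in the question.

```shell
#!/bin/sh
# Added example: audit the symlinks that point into a BIND chroot tree.
# Function names are hypothetical; real paths come from the thread above.

# Print "ok <link> -> <target>" or "stale <link> -> <target>" for every
# symlink found directly inside the given directories whose absolute target
# lies under the chroot. A stale link is one whose target no longer exists.
audit_chroot_links() {
    chroot_dir="$1"; shift
    find "$@" -maxdepth 1 -type l 2>/dev/null | sort | while IFS= read -r link; do
        target=$(readlink "$link")
        case "$target" in
            "$chroot_dir"/*)
                if [ -e "$link" ]; then state=ok; else state=stale; fi
                printf '%s %s -> %s\n' "$state" "$link" "$target" ;;
        esac
    done
}

# Succeed only if no link into the chroot is stale.
chroot_links_clean() {
    ! audit_chroot_links "$@" | grep -q '^stale '
}

# Constructed sample tree (not real system paths): mimics the layout described
# in the thread, then deletes one target the way a package removal might.
build_sample_tree() {
    root="$1"; jail="$root/var/named/chroot"
    mkdir -p "$jail/etc" "$jail/var/named" "$root/etc" "$root/elsewhere"
    : > "$jail/etc/named.conf"
    : > "$jail/var/named/named.ca"
    : > "$root/elsewhere/other.conf"
    ln -s "$jail/etc/named.conf"       "$root/etc/named.conf"
    ln -s "$jail/var/named/named.ca"   "$root/var/named/named.ca"
    ln -s "$root/elsewhere/other.conf" "$root/etc/other.conf"  # outside the chroot
    rm "$jail/var/named/named.ca"      # target gone, link left behind
}
```

On a host laid out as in the question, the call would be `audit_chroot_links /var/named/chroot /etc /var/named`; any `stale` line is a link to clean up before named is started outside the chroot.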